this post was submitted on 30 Sep 2023
170 points (98.3% liked)

Technology

59157 readers
2307 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
170
GPUs from all major suppliers are vulnerable to new pixel-stealing attack (arstechnica.com)
submitted 1 year ago by throws_lemy@lemmy.nz to c/technology@lemmy.world
18 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] 30mag@lemmy.world 19 points 1 year ago (1 children)

Pixel stealing PoC for deanonymizing a user, run with other tabs open playing video. “Ground Truth” is the victim iframe (Wikipedia logged in as “Yingchenw”). “AMD” is the attack result on a Ryzen 7 4800U after 30 minutes, with 97 percent accuracy. “Intel” is the attack result for an i7-8700 after 215 minutes with 98 percent accuracy.

I guess I should take a course on threat analysis, because I don't have a clue how to determine how dangerous this is.

[–] originalucifer@moist.catsweat.com 6 points 1 year ago (2 children)

the pixel is the just the base unit.. expand the exploit and you get 'images'. any image on the remote site... and from there you could target sites that use imaging for password/username stuff (as a method of preventing text-based exploits).

the one pixel leads to lots of nonsense

its a teeny tiny hole, but thats all you need

[–] FunderPants@lemmy.ca 12 points 1 year ago* (last edited 1 year ago)

That and apparently a lot of time. Am I right in reading it could take hours to leak enough pixels to form an image? So to get a password the password would need to be plain text, visible on the target website, and not be moved, removed or otherwise changed for hours.

[–] 30mag@lemmy.world 3 points 1 year ago

yeah, but if it takes 215 minutes to get just a single word... I mean, I'm not going to have a webpage open for that long.